diff options
author | stilez <stilez@users.noreply.github.com> | 2016-12-27 02:11:20 +0000 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-12-30 09:54:03 -0200 |
commit | a8235a3dea0c83569c633e4e6e0f7e863894b2ec (patch) | |
tree | c5bdb2ed62cec55af2fe73980d90841664290405 /src/usr/local/www/firewall_rules_edit.php | |
parent | f2aeaff938eb45d5b183f29e67aea42bbef87d3b (diff) | |
download | pfsense-a8235a3dea0c83569c633e4e6e0f7e863894b2ec.zip pfsense-a8235a3dea0c83569c633e4e6e0f7e863894b2ec.tar.gz |
Data sanitation - check IP protocol in form data
Code doesn't seem to check that IP protocol is valid (IPv4/6/4+6) or report via $input_errors[] if not. Simple fix. Only spotted recently. Should be fixed whatever else?
(cherry picked from commit 202e23a81613c5810679e9b119ad4cc53977dbea)
Diffstat (limited to 'src/usr/local/www/firewall_rules_edit.php')
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 7a03550..8878a8b 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -349,6 +349,10 @@ if ($_POST) { unset($input_errors); + if (!array_key_exists($_POST['ipprotocol'], $icmplookup)) { + $input_errors[] = gettext("The IP protocol is not recognized."); + } + if (isset($a_filter[$id]['associated-rule-id'])) { $_POST['proto'] = $pconfig['proto']; if ($pconfig['proto'] == "icmp") { |